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REMARKS 

Applicants appreciate the thorough review of the present application as reflected in the 
Official Action mailed December 8, 2004. Applicants have amended the specification to provide 
the serial numbers of the related applications. Applicants submit that the claims are patentable 
over the cited references for the reasons discussed below. 

The Information Disclosure Statement 

Applicants wish to bring to the Examiner's attention an Information Disclosure Statement 
(IDS) that is being filed concurrently with the present Amendment. Applicants request that the 
Examiner return an initialed copy of the PTO-1449 form submitted with this IDS. 

The Anticipation Rejection 

Claims 1-13, 15-17, 20-32, 34-36, 39-51 and 53-55 stand rejected as anticipated under 35 
U.S.C. § 102(e) by United States Patent Application Publication No. 2002/001 6926A1 to 
Nguyen et al. (hereinafter "Nguyen"). The present application was filed January 17, 2001 . 
Nguyen published February 7, 2002, was filed April 26, 2001 and claims priority from 
Provisional Application Serial No. 60/199,984 filed April 27, 2000 (hereinafter "the '984 
application"). Pursuant to 35 U.S.C. § 1 19(e), the Nguyen reference is only entitled to the filing 
date of the provisional application to the extent that the provisional application enables the 
materials recited therein under the standard of the first paragraph of 35 U.S.C. § 1 12. See New 
Railhead Mfg., L.L.C. v. Vermeer Mfg. Co., 298 F.3d 1290, 1294, (Fed. Cir. 2002). Because 
Nguyen was filed after the filing date of the present application, the cited portions of Nguyen 
only qualify as prior art against the present application if support for the cited portions of 
Nguyen is found in the provisional application. 

Attached hereto at Tab A is a copy of Provisional Application Serial No. 60/199,984 
from which Nguyen claims priority. This copy of the Provisional Application was obtained 
through the Public PAIR system. The Official Action relies on Figures 1, 8a, 8b, 9 and 10 and 
paragraphs 13, 14, 15, 16, 17, 18, 36, 39, 86, 92, 93, 95 and 101, 104, 105, 118 of Nguyen in 
rejecting the claims of the present application. 

As a review of the ! 984 application makes clear, most of the relied upon portions of 
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Nguyen do not appear to be present in the f 984 application. For example, Figures 1, 8a, 8b, 9 
and 10 do not appear to be present in the '984 application. Likewise, portions of paragraph 104 
appears to be present in the '984 application, however, paragraphs 39, 86, 92, 93 and 95 do not 
appear to be present in the '984 application. 

In light of the above discussion, Applicants submit that portions of Nguyen relied on in 
the Official Action are not found in the '984 application nor does it appear that any relevant 
technical description is provided that would disclose or suggest all of the technical subject matter 
relied on in the Official Action. Accordingly, Applicants submit that many of the cited portions 
of Nguyen may only be accorded a filing date of April 26, 2001. As such, many of the cited 
portions of Nguyen were filed after the priority date of the present application and, therefore, do 
not constitute prior art to the present application. Applicants, therefore, request withdrawal of 
the present rejections based on the cited portions of Nguyen. 

With regard to the "Examiner's note" at page 19 of the Official Action, given the paucity 
of disclosure in the '984 application on which Nguyen is based, if the present rejection is 
maintained, Applicants request that the Examiner explain how the three paragraphs and single 
figure of the '984 application anticipates the claims of the present application or otherwise 
provides support for the relied on portions of Nguyen. Furthermore, given the brevity of 
disclosure in the '984 application and the length of the Nguyen reference, Applicants have not 
made a complete paragraph by paragraph comparison between the '984 application and the 
Nguyen reference as Applicants submit that the '984 application does not anticipate any of the 
claims of the present application. For example, to the extent that the '984 application can be 
understood, it does not appear to describe security processing for a plurality of hosts that use a 
common network address as recited in Claim 1 . Likewise, the recitations of Claim 10 also do 
not appear to be disclosed in the '984 application. 

The Obviousness Rejections 

Claims 14, 18, 19, 33, 37, 38, 52, 56 and 57 stand rejected under 35 U.S.C. § 103 as 
obvious in light of Nguyen and United States Patent No. 5,754,856 to Klein (hereinafter 
"Klein"). Official Action, p. 15. Applicants submit that these claims are patentable at least as 
depending from a patentable base claim as discussed above. 
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Conclusion 

In light of the above discussion, Applicants submit that the claims of the present 
application are patentable over Nguyen and, therefore, request allowance of the present 
application and passage of the present application to issue. 
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£ BRIEF DESCRIPTION OF THE DRAWINGS 

i 

J t FIG 1 schematically illustrates a communications network implementing the automatic IPSEC 

S . . 

%} tunneling administrator according to the present invention. 
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ABSTRACT 

See attached Appendix A. 



APPENDIX A 

Automatic IPSEC Tunnel Administration 



FIELD OF INVENTION 

The present invention is directed to secure communications networks. In particular, the present 
invention is directed to a method of providing automatic configuration and management of IPSEC Security 
Associations (SA). 



SUMMARY OP INVENTION 

The present invention is a method used in conjunction with network security devices from Fortress 
Technologies* Automatic Tunneling Administration (ATA) products. Details on ATA technology is 
documented elsewhere, and will not be discussed in detail. It is sufficient to say that ATA has been 
modified with functionality that allows Portress Technologies IPSEC implementations to derive the 
necessary configuration information from the ATA hub. This means that the system administrator, or 
security officer, is only required to enter the Virtual Private LAN (VPLAN) configuration at the hub. In 
addition to hub configuration, the administrator is only required to configure each peer with information to 
reach the hub. The ISAKMP (Internet Security Association and Key Management Protocol) SAs and 
IPSEC SAs will be automatically established, using Pre-Shared or Public Keys for authentication. When 
using the Pre-Shared Key method of authentication, each member of the VPLAN will automatically 
generate the shared keying material, which eliminate the logistics of distribution and management of Pre- 
Shared keys. 



nwspyiPTioN of the drawing 

Fig. 1 illustrates a communications network implementing the automatic IPSEC tunneling 
administrator according to the present invention. Notice that the IPSEC gateways are also capable of 
interfacing with SPS members of the virtual LAN. The drawing also shows an optional X.509V3 
certificate server. The certificate server can be used to support automatic distribution sind management of 
public keys, which is one alternative to the Pre-Shared method of authentication as des-cribed in IBTFs 
industry standards for IPSEC. 
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ABSTRACT 



Described is a method used in conjunction with Fortress Technologies network security devices to 
provide security services using industry standard IPSEC protocols. The uniqueness of this method is in the 
technique used to provide IPSEC services in a fully automatic mode, using one of several industry 
standards for authentication such as Pre-Shared Keys or Public Keys. This is accomplished by 
enhancements applied to Fortress Technologies* (ATA) products, and by other extermd means used to 
extract the necessary configuration information needed to establish and maintain IPSEC secured tunnels 
automatically. The configuration information needed to establish IPSEC Security Associations (SA) is 
derived on the fly from a YLAN hub. When the Pre-Shared Key method of authentication is used, each 
member of the VPLAN automatically generate the bying material. 



